Citations: line digital signatures - Even, Goldreich, Micali (ResearchIndex)

25 citations found. Retrieving documents...

S. Even, O. Goldreich, and S. Micali. On-line/o#-line digital signatures. In Brassard [5], pages 263--277.

Home/Search Document Not in Database Summary Related Articles Check

This paper is cited in the following contexts:

Double Hash Chains - Sella (2001) (Correct)

....bits that can be signed per vertex in the graph representing that scheme. They proved that a binary hash tree is more e cient than Lamport s scheme, and found the most e cient hash construction known today a speci c hash DAG. One time digital signatures were used in on line o line signatures [5], in signing digital streams [7] and in signing routing messages [20] In all these applications the cost of signing and verifying real digital signatures (such as RSA) was considered too high, so the authors used them to set up a one time scheme, and used the latter for signing the actual data. ....

S. Even, O. Goldreich and S. Micali, On-line/o-line digital signatures, Journal of Cryptology, 9(1) 1996, pp 35-67.

Performance of Batch-based Digital Signatures - Cheng, Chou, Golubchik (Correct)

....are very fast to compute, this approach requires large amounts of keys to be generated, managed, and distributed (since a signature can only be used once) Therefore, they are not widely used in practice. Another approach of mixing private key digital signatures and one time signatures also exists [5]. It has some of the same drawbacks as one time signatures. On the systems side, in [12] Merkle introduced the idea of authentication trees for an alternate cryptographic system. In contrast, we use digital signatures for authentication, and we use a tree of hashes to reduce message overhead in ....

S. Even, O. Goldreich, and S. Micali. On-line/o-line digital signatures. In G. Brassard,

Bounds and Improvements for BiBa Signature Schemes - Mitzenmacher, Perrig (2002) (2 citations) (Correct)

....operations on minimal hardware is even more pronounced on some sensor networks. For example, futuristic Smart Dust sensors present even more stringent resource constraints [13, 38] To speed up the slow signature generation, Even, Goldreich, and Micali propose on line o line signatures [11]. The slow signing operation is performed o line, and the signer has subsequently a low overhead to generate the nal signature. They propose to use a traditional signature algorithm to sign the public key of a one time signature algorithm o line. The on line signature with the one time ....

....for each bit (for 0 and 1, respectively) of the data to sign. To sign the message, the signer reveals one of the values previously committed to, based on whether the corresponding message bit was 0 or 1. Merkle and Winternitz improved on Lamport s signature [18, 19] Even, Goldreich, and Micali [11] use the Merkle Winternitz approach to construct their on line o line signature. Rohatgi 10 Signature Generation Veri cation Signature size Public key size O line On line (expected) Lamport 160 1 80 80 160 Merkle Winternitz 355 1 169 23 1 Bleichenbacher Maurer 182 1 72 45 1 BiBa 1024 ....

S. Even, O. Goldreich, and S. Micali. On-line/o-line digital signatures. In Brassard [6], pages 263-277.

Better than BiBa: Short One-time Signatures with Fast Signing .. - Reyzin, Reyzin (2002) (11 citations) (Correct)

.... proposed independently by Lamport [Lam79] and (in an interactive setting) by Rabin [Rab78] Various improvements were proposed by Meyer and Matyas [MM82, pages 406 409] Merkle [Mer82] Winternitz (as cited in [Mer87] Vaudenay [Vau92] in an interactive setting) and Even, Goldreich and Micali [EGM96]. Bleichenbacher and Maurer considered generalization of the above work in [BM94, BM96a, BM96b] 1 Perrig s BiBa [Per01] however, appears to be the first scheme whose primary design goal was fast signature verification (while Bleichenbacher and Maurer concern themselves with optimal one time ....

....dramatically increases its signing e#ciency, and slightly decreases the sizes of BiBa s keys and signatures. 1. 2 Applications of One Time Signatures One time signatures have found applications in constructions of ordinary signature schemes [Mer87, Mer89] on line o# line signature schemes [EGM96], forward secure signature schemes [AR00] multicast packet authentication [Roh99] among others. We note that our scheme fits well into all of these applications, including, in particular, the BiBa broadcast authentication scheme of [Per01] In fact, the BiBa broadcast authentication scheme ....

Shimon Even, Oded Goldreich, and Silvio Micali. On-line/o#-line digital signatures. Journal of Cryptology, 9(1):35--67, Winter 1996.

Composition and Efficiency Tradeoffs for Forward-Secure.. - Malkin, Micciancio.. (2001) (1 citation) (Correct)

.... When this scheme is instantiated with the Rabin signature scheme [14] where verifying is simply a squaring operation, it is clear that veri cation for the new scheme will be faster than even the very ecient scheme of [9] Notice that for all internal nodes, one time signatures (e.g. those of [5]) can be used instead of general digital signatures. See also [2] for a general discussion about using one time signatures in the context of forward security. 4.3 The Iterated Sum Construction S log T In this example, we begin with any standard (non forward secure) signature scheme S (viewed ....

S. Even, O. Goldreich, and S. Micali. On-line/o-line digital signatures. Journal of Cryptology, vol 9, 1996, pp. 35-67.

Efficient Password-Authenticated Key Exchange Using.. - Katz, Ostrovsky, Yung (2001) (2 citations) (Correct)

....in order to cause (completion of the protocol and) a non null session key to be de ned. An analysis of our proof proof indicates that the security of our construction is indeed tight in this respect. server encryption. Details appear in Appendix B. We will also need a one time signature scheme [15] secure against existential forgery [19] Finally, our proof of security relies on the Decisional Die Hellman (DDH) assumption [14, 8] note that the security of the Cramer Shoup cryptosystem requires the DDH assumption already) We review these components in Appendix A, and also explicitly ....

....3.3 Practical Considerations In practice, a collision resistant hash function (say, SHA 1) can be used instead of a universal one way hash function. This has the advantage of increased eciency, at the expense of requiring a (possibly) stronger assumption for security. Ecient one time signatures [15] can be based on (presumed) one way functions like SHA 1 or DES. In particular, one time signatures are much more ef cient than signature schemes which are secure against adaptive (polynomiallymany) chosen message attacks. Client computation can be reduced (which is important when the client is ....

S. Even, O. Goldreich, and S. Micali. On-Line/O-Line Digital Signatures. Crypto '89.

A New Forward-Secure Digital Signature Scheme - Abdalla, Reyzin (2000) (32 citations) (Correct)

....maintaining its eciency. The key observation for doing so is that we do not need the full power of ordinary signature schemes at the internal nodes, since they only need to certify two other nodes. Hence, we can use more light weight schemes at these nodes, such as one time signature schemes [8]. These are schemes which can only withstand single message attacks, i.e. the signing key can be used only once. They are usually very ecient and have the potential for using smaller keys due to the restriction they impose on the attack. By using such schemes, we were actually able to achieve some ....

S. Even, O. Goldreich, and S. Micali, \On-line/O-line digital signatures," Jounal of Cryptology, Vol. 9, 1996, pp. 35-67.

Micropayments Revisited - Micali, Rivest (2002) (10 citations) Self-citation (Micali) (Correct)

....are both more secure and signi cantly faster are currently available. Moreover, the computational cost of a public key signature has continued to decrease due to the deployment of more powerful processors. Furthermore, we note that the use of on line o line digital signatures (as proposed in [3] and recently improved in [17] may be a good choice for micropayment schemes. 3 In sum, we now feel free to utilize public key computations even in most micropayment schemes. 2 The MR1 Scheme In this section we improve Rivest s lottery scheme. As before, payments will be selected to be ....

Shimon Even, Oded Goldreich, and Silvio Micali. On-line/o-line digital signatures. In Gilles Brassard, editor, Advances in Cryptology - Crypto '89, pages 263{ 277, Berlin, 1989. Springer-Verlag. Lecture Notes in Computer Science Volume 435.

Ecient Constructions for One-way Hash Chains Yih-Chun Hu - Markus Jakobsson And (Correct)

No context found.

S. Even, O. Goldreich, and S. Micali. On-line/o#-line digital signatures. In Brassard [5], pages 263--277.

Online/Oine Signatures and Multisignatures for AODV and - Dsr Routing Security (2006) (Correct)

No context found.

S. Even, O. Goldreich, and S. Macali. On-line/o#-line digital signatures. In Proceedings of Advances in Cryptology: Crypto '89. Springer, 1990.

This is the merged full version of two independent.. - Direct.. (2006) (Correct)

No context found.

Shimon Even, Oded Goldreich, and Silvio Micali. On-line/o#-line digital signatures. Journal of Cryptology, 9(1):35--67, 1996.

One-Way Cross-Trees and Their Applications - Published In Naccache (Correct)

Direct Chosen-Ciphertext Secure Identity-Based Key.. - Kiltz, Galindo (2006) (Correct)

No context found.

S. Even, O. Goldreich, and S. Micali. On-line/o-line digital signatures. Journal of Cryptology, 9(1):35-67, 1996.

One-Way Cross-Trees and Their Applications - Joye, Yen (2002) (Correct)

Short Undeniable Signatures Without Random - Oracles The Missing (Correct)

No context found.

S. Even, O. Goldreich, S. Micali: On-Line/O#-Line Digital Signatures. J. Cryptology, 9 (1), 35--67 (1996)

Universally Composable Password-Based Key Exchange - Canetti, Halevi, Katz.. (2005) (Correct)

No context found.

S. Even, O. Goldreich, and S. Micali. On-Line/O#-Line Digital Signatures. J. Cryptology 9(1):35-67, 1996.

On the security and the efficiency of the Merkle signature scheme - Garcia (2005) (Correct)

No context found.

Shimon Even, Oded Goldreich, and Silvio Micali. On-line/o#-line digital signatures. Journal of Cryptology, 9(1):35--67, 1996.

One-Way Cross-Trees and Their Applications - Published In Naccache (Correct)

One-Way Cross-Trees and Their Applications - Joye, Yen (2002) (Correct)

Mutual Authentication and Group Key Agreement for . . . - Bresson (2003) (4 citations) (Correct)

No context found.

S. Even, O. Goldreich, and S. Micali. On-line/O#-line Digital Signatures. In Crypto '89, LNCS 435, pp. 263--277, Springer, Aug 1989. [4, 10]

A Provably Secure Nyberg-Rueppel Signature Variant with.. - Ateniese, de Medeiros (2004) (Correct)

No context found.

Even, S., Goldreich, O., and Micali, S. On-line/o#-line digital signatures. Journal of Cryptology 9 (1996), 35--67.

One-Way Cross-Trees and Their Applications - Joye, Yen (2002) (Correct)

Alternatives to Non-Malleability: Definitions.. - MacKenzie, Reiter, Yang (2004) (Correct)

No context found.

S. Even, O. Goldreich, and S. Micali. On-line/O#-line digital signatures. J. Cryptology 9(1):35-67 (1996).

Alternatives to Non-malleability: Definitions.. - MacKenzie, Reiter, Yang (2004) (Correct)

No context found.

S. Even, O. Goldreich, and S. Micali. On-line/O#-line digital signatures. J. Cryptology 9(1):35-67 (1996).

One-Way Cross-Trees and Their Applications - Joye, Yen (2002) (Correct)

No context found.

S. Even, O. Goldreich, and S. Micali. On-line/o#-line digital signatures. In G. Brassard, editor, Advances in Cryptology --- CRYPTO '89, volume 435 of Lecture Notes in Computer Science, pages 263--275. Springer-Verlag, 1990.

Online articles have much greater impact More about CiteSeer.IST Add search form to your site Submit documents Feedback

CiteSeer.IST - Copyright Penn State and NEC